401 instead of 403 on wrong backup auth credential type

2024-10-31 10:25:44 -05:00 · 2024-10-31 10:25:44 -05:00 · fc0a7b7657
parent c1e870d8f5
commit fc0a7b7657
2 changed files with 8 additions and 8 deletions
--- a/service/src/main/java/org/whispersystems/textsecuregcm/backup/BackupManager.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/backup/BackupManager.java
@ -649,7 +649,7 @@ public class BackupManager {
   *
   * @param backupUser     The backup user to check
   * @param credentialType The credential type to require
-   * @throws {@link Status#PERMISSION_DENIED} error if the backup user is not authenticated with the given
+   * @throws {@link Status#UNAUTHENTICATED} error if the backup user is not authenticated with the given
   * {@code credentialType}
   */
  @VisibleForTesting
@ -659,8 +659,8 @@ public class BackupManager {
              FAILURE_REASON_TAG_NAME, "credential_type")
          .increment();

-      throw Status.PERMISSION_DENIED
-          .withDescription("credential does not support the requested operation")
+      throw Status.UNAUTHENTICATED
+          .withDescription("wrong credential type for the requested operation")
          .asRuntimeException();
    }
  }
--- a/service/src/test/java/org/whispersystems/textsecuregcm/backup/BackupManagerTest.java
+++ b/service/src/test/java/org/whispersystems/textsecuregcm/backup/BackupManagerTest.java
@ -176,7 +176,7 @@ public class BackupManagerTest {
          .isThrownBy(checkCredentialType)
          .extracting(StatusRuntimeException::getStatus)
          .extracting(Status::getCode)
-          .isEqualTo(Status.Code.PERMISSION_DENIED);
+          .isEqualTo(Status.Code.UNAUTHENTICATED);
    } else {
      assertThatNoException().isThrownBy(checkCredentialType);
    }
@ -215,7 +215,7 @@ public class BackupManagerTest {

    assertThatExceptionOfType(StatusRuntimeException.class)
        .isThrownBy(() -> backupManager.createMessageBackupUploadDescriptor(backupUser).join())
-        .matches(exception -> exception.getStatus().getCode() == Status.PERMISSION_DENIED.getCode());
+        .matches(exception -> exception.getStatus().getCode() == Status.UNAUTHENTICATED.getCode());
  }

  @Test
@ -245,7 +245,7 @@ public class BackupManagerTest {
        .isThrownBy(() -> backupManager.createTemporaryAttachmentUploadDescriptor(backupUser))
        .extracting(StatusRuntimeException::getStatus)
        .extracting(Status::getCode)
-        .isEqualTo(Status.Code.PERMISSION_DENIED);
+        .isEqualTo(Status.Code.UNAUTHENTICATED);
  }

  @ParameterizedTest
@ -502,7 +502,7 @@ public class BackupManagerTest {
        .isThrownBy(() -> copy(backupUser))
        .extracting(StatusRuntimeException::getStatus)
        .extracting(Status::getCode)
-        .isEqualTo(Status.Code.PERMISSION_DENIED);
+        .isEqualTo(Status.Code.UNAUTHENTICATED);
  }

  @Test
@ -675,7 +675,7 @@ public class BackupManagerTest {
    assertThatThrownBy(() ->
        backupManager.deleteMedia(backupUser, List.of(new BackupManager.StorageDescriptor(5, mediaId))).then().block())
        .isInstanceOf(StatusRuntimeException.class)
-        .matches(e -> ((StatusRuntimeException) e).getStatus().getCode() == Status.PERMISSION_DENIED.getCode());
+        .matches(e -> ((StatusRuntimeException) e).getStatus().getCode() == Status.UNAUTHENTICATED.getCode());
  }

  @Test